Acronis has released its latest cyber threats and trends report for the second half of 2022 which found that phishing and the use of MFA (multi-factor authentication) fatigue attacks, an extremely effective method used in high-profile breaches, are on the rise.
Conducted by the Acronis Cyber Protection Operation Centre, the report provides an in-depth analysis of the cyber threat landscape including ransomware threats, phishing, malicious websites, software vulnerabilities and a security forecast for 2023.
Of note, the report found that threats from phishing and malicious emails have increased by 60 percent, and the average cost of a data breach is expected to reach $5 million by next year. The research team who authored the report also saw social engineering attacks jump in the last four months, accounting for 3 percent of all attacks. Leaked or stolen credentials, which allow attackers to easily execute cyber attacks and ransomware campaigns, were the cause of almost half of all reported breaches in the first half of 2022.
Ransomware continues to be the number one threat
Ransomware threats to businesses including government, healthcare, education and other sectors is generally getting worse. Each month in the second half of this year, ransomware gangs added 200-300 new victims to their combined list. There were 576 publicly-mentioned ransomware compromises in Q3, a slight increase from Q2.
The overall number of ransomware incidents decreased slightly in Q3, following a summer high from July to August when Acronis observed a 49 percent increase in blocked ransomware attacks globally, but was then followed by a decrease of 12.9 percent in September and 4.1 percent in October.
As the main threat actors are continuing to professionalise their operations, Acronis notes a shift towards more data exfiltration with most of the large players expanding their targets to MacOS and Linux systems, and consideration of cloud environments.
Phishing and malicious emails remain highly successful for threat actors
Between July and October 2022, the proportion of phishing attacks rose by 1.3x against malware attacks reaching 76 percent of all email attacks (up from 58 percent in H1 2022).
Spam rates increased by over 15 percent - reaching 30.6 percent of all inbound traffic.
The United States led as the country with the most clients experiencing malware detections at 22.1 percent in October 2022, followed by Germany with 8.8 percent and Brazil with 7.8 percent. These numbers represented a small increase for the US and Germany, especially in financial trojans.
South Korea, Jordan and China ranked as the most attacked countries in terms of malware per user in Q3.
Malicious actors continue to seek out and target unpatched systems
While software vendors release patches regularly or often, it is still not enough. Many attacks succeed due to unpatched vulnerabilities.
Acronis continues to observe and warn businesses that new zero-day vulnerabilities and old unpatched ones are the top vector of attack to compromise systems.
